Hi, I have a two part question, related to monitoring the Karaf container via JMX. We are using ServiceMix 7.0.0 that includes Karaf 4.0.8 in its distribution.
Firstly, we have a requirement to encrypt JMX connections and I'm struggling to find documentation that walks us through this. The Karaf manual did provide some information, which was to fill in properties in the org.apache.karaf.management.cfg file, such as "keyStore=my_keystore". However this seemed to be only half the story as it seems that the keyStore value is not the path to the keystore file, but a reference to a keystore entity as configured using a keystore.xml file. The curious thing is that this was not mentioned in the karaf manual and we only came across these instructions by looking at some Fuse documentation: https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.1/html/Security_Guide/FMQSecurityJmxSSL.html. Unfortunately we still ended up with an error when following the Fuse guide: "Can't re-init JMXConnectorServer with SSL enabled when register a keystore:connector:name=rmi" and were unable to connect from jconsole. *So we're not confident that we're on the right track, can somebody confirm this?* Secondly, assuming that creating the keystore.xml descriptor file is the right way to go, it seems that it requires the credentials for the keystore, and the alias of the private key contained within, to be specified in plain text. Attempts to specify "{CRYPT}" tags didn't appear to work. *Does the keystore descriptor file support jasypt integration, and we just need to try harder to get it to work?* Any help greatly appreciated! - Ash -- View this message in context: http://karaf.922171.n3.nabble.com/Encrypted-JMX-Connection-tp4050593.html Sent from the Karaf - User mailing list archive at Nabble.com.
